to divide developing and production we would like to see a new kind of security layer in the e2e console. So in a productive environment we would establish a quality gate keeper who is allowed to deploy and delete service-configurations and on the other side guards, who can stop, start, kill and export service-configurations.

I understand your idea like that. You want to have different roles. One role should be able to deploy and delete composite services and assign role membership. The other role is not allowed to deploy and delete composites, but it should be able to stop, start, kill and export service-configurations. Is this what you want to have?

The E2E Console has a fixed set of three different roles ADMIN, MODELER and USER. Each E2E Console user is member of one group and the user gets his role from the group.

The roles have these http://docu.e2ebridge.com/Summary+of+User+Access+Rights rights. The configuration of the rights is stored in the file e2e_bridge_data/domain/roles.xml . If you edit this file with an editor you can change the rights. It is a XML file. After a E2E Console update you have to reapply your modifications.

You could for example remove for all modelers the permission to deploy new services, redeploy services or delete services if you delete or uncomment the following lines inside this element <role roleid=”MODELER” description=”Modelers”>